Want a security starter pack? | Surveillance Sel...

https://ssd.e.org/en/playlist/want-security-start...

An Introduction to Threat Modeling


There is no single solution for keeping yourself safe online. Digital security isn't
about which tools you use; rather, it's about understanding the threats you
face and how you can counter those threats. To become more secure, you
must determine what you need to protect, and whom you need to protect it
from. Threats can change depending on where you're located, what you're
doing, and whom you're working with. Therefore, in order to determine what
solutions will be best for you, you should conduct a threat modeling
assessment.

When conducting an assessment, there are five main questions you should ask yourself:
1. What do you want to protect?
2. Who do you want to protect it from?
3. How likely is it that you will need to protect it?
4. How bad are the consequences if you fail?
5. How much trouble are you willing to go through in order to try to prevent
those?

When we talk about the first question, we often refer to assets, or the things
that you are trying to protect. An asset is something you value and want to
protect. When we are talking about digital security, the assets in question are
usually information. For example, your emails, contact lists, instant messages,
and files are all assets. Your devices are also assets.

10.11.2014 21:44

Write down a list of data that you keep, where it's kept, who has access to it,
and what stops others from accessing it.

In order to answer the second question, "Who do you want to protect it from?",
it's important to understand who might want to target you or your information,
or who is your adversary. An adversary is any
person or entity that poses a threat against an asset or
assets. Examples of potential adversaries are your boss, your government, or a
hacker on a public network.

Make a list of who might want to get ahold of your data or communications. It
might be an individual, a government agency, or a corporation.
A threat is something bad that can happen to an asset. There are numerous
ways that an adversary can threaten your data. For example, an adversary can
read your private communications as they pass through the network, or they
can delete or corrupt your data. An adversary could also disable your access to
your own data.
The motives of adversaries differ widely, as do their attacks. A government
trying to prevent the spread of a video showing police violence may be
content to simply delete or reduce the availability of that video, whereas a
political opponent may wish to gain access to secret content and publish it
without you knowing.

Write down what your adversary might want to do with your private data.
The capability of your attacker is also an important thing to think about. For
example, your mobile phone provider has access to all of your phone records
and therefore has the capability to use that data against you. A hacker on an
open Wi-Fi network can access your unencrypted communications. Your
government might have stronger capabilities.
A final thing to consider is risk. Risk is the
likelihood that a particular threat against a particular asset will actually occur,
and goes hand-in-hand with capability. While your mobile phone provider has
the capability to access all of your data, the risk of them posting your private
data online to harm your reputation is low.
It is important to distinguish between threats and risks. While a threat is a bad
thing that can happen, risk is the likelihood that the threat will occur. For
instance, there is a threat that your building might collapse, but the risk of this
happening is far greater in San Francisco (where earthquakes are common)
than in Stockholm (where they are not).
Evaluating risk is both a personal and a subjective process; not everyone has
the same priorities or views threats in the same way. Many people find certain
threats unacceptable no matter what the risk, because the mere presence of
the threat at any likelihood is not worth the cost. In other cases, people
disregard high risks because they don't view the threat as a problem.
In a military context, for example, it might be preferable for an asset to be
destroyed than for it to fall into enemy hands. Conversely, in many civilian
contexts, it's more important for an asset such as email service to be available
than confidential.

Now, let's practice threat modeling.


If you want to keep your house and possessions safe, here are a few questions
you might ask:
Should I lock my door?
What kind of lock or locks should I invest in?
Do I need a more advanced security system?
What are the assets in this scenario?
The privacy of my home
The items inside my home
What is the threat?
Someone could break in.
What is the actual risk of someone breaking in? Is it likely?
Once you have asked yourself these questions, you are in a position to assess
what measures to take. If your possessions are valuable, but the risk of a
break-in is low, then you probably won't want to invest too much money in a
lock. On the other hand, if the risk is high, you'll want to get the best locks on
the market, and perhaps even add a security system.

A PROJECT OF THE ELECTRONIC FRONTIER FOUNDATION (HTTPS://WWW.EFF.ORG/)
